Re: [xacml] subjects

[Polar Humenn <polar@syr.edu>]

I have a schema for what I was talking about, which is attached.

I've not run any XML tools on it. But perhaps this might give you an idea
of what I was getting at.

-Polar
	<!-- -->
	<xs:element name="ResourceAttributeDesignator" type="xacml:AttributeDesignatorType"/>
	<xs:element name="ActionAttributeDesignator" type="xacml:AttributeDesignatorType"/>
	<xs:element name="EnvironmentAttributeDesignator" type="xacml:AttributeDesignatorType"/>
	<!-- -->
	<xs:element name="ResourceAttributeIsPresent" type="xacml:AttributeDesignatorType"/>
	<xs:element name="ActionAttributeIsPresent" type="xacml:AttributeDesignatorType"/>
	<xs:element name="EnvironmentAttributeIsPresent" type="xacml:AttributeDesignatorType"/>
	<!-- -->
	<xs:complexType name="AttributeDesignatorType">
		<xs:attribute name="AttributeId" type="xs:anyURI" use="required"/>
		<xs:attribute name="DataType" type="xs:anyURI" use="optional" default="http://www.w3.org/2001/XMLSchema-instance#string""/>
		<xs:attribute name="Issuer" type="xs:anyURI" use="optional"/>
		<xs:attribute name="MustBePresent" type="xs:boolean" use="optional" default="true"/>
	</xs:complexType>
	<!-- -->
	<xs:element name="SubjectQualifer" type="xacml:SubjectQualiferType"/>
	<xs:complexType name="SubjectQualiferType">
		<xs:complexContent>
			<xs:extension base="xacml:AttributeDesignatorType">
		        <xs:attribute name="MatchId" type="xs:anyURI" use="required"/>
			    <xs:element ref="xacml:AttributeValue"/>
			</xs:extension>
		</xs:complexContent>
	</xs:complexType>
	<!-- -->
	<xs:element name="SubjectAttributeDesignator" type="xacml:SubjectAttributeDesignatorType"/>
	<xs:complexType name="SubjectAttributeDesignatorType">
		<xs:complexContent>
			<xs:extension base="xacml:AttributeDesignatorType">
				<xs:element ref="SubjectQualifier" minOccurs="0" maxOccurs="unbounded"/>
			</xs:extension>
		</xs:complexContent>
	</xs:complexType>
	<!-- -->
	<xs:element name="QualifiedSubjectAttributeDesignator" type="xacml:QualifiedSubjectAttributeDesignatorType"/>
	<xs:complexType name="QualifiedSubjectAttributeDesignatorType">
		<xs:complexContent>
			<xs:extension base="xacml:SubjectAttributeDesignatorType">
				<xs:attribute name="FromSubjects" type="xs:string" use="optional" default="single-subject"/>
			</xs:extension>
		</xs:complexContent>
	</xs:complexType>
	<!-- -->
	<xs:element name="QualifiedSubjectAttributeIsPresent" type="xacml:QualifiedSubjectAttributeIsPresentType"/>
	<xs:complexType name="QualifiedSubjectAttributeIsPresentType">
		<xs:complexContent>
			<xs:extension base="xacml:SubjectAttributeDesignatorType">
				<xs:attribute name="MustBeSingleSubject" type="xs:boolean" use="optional" default="false"/>
			</xs:extension>
		</xs:complexContent>
	</xs:complexType>
	<!-- -->
	<xs:element name="SubjectMatch" type="xacml:SubjectMatchType"/>
	<xs:complexType name="SubjectMatchType">
		<xs:sequence>
			<xs:choice>
				<xs:element ref="xacml:QualifiedSubjectAttributeDesignator"/>
				<xs:element ref="xacml:AttributeSelector"/>
			</xs:choice>
			<xs:element ref="xacml:AttributeValue"/>
		</xs:sequence>
		<xs:attribute name="MatchId" type="xs:anyURI" use="required"/>
	</xs:complexType>
	<!-- -->
	<xs:complexType name="ApplyType">
		<xs:choice minOccurs="0" maxOccurs="unbounded">
			<xs:element ref="xacml:Apply"/>
			<xs:element ref="xacml:AttributeValue"/>
			<xs:element ref="xacml:QualifiedSubjectAttributeDesignator"/>
			<xs:element ref="xacml:ResourceAttributeDesignator"/>
			<xs:element ref="xacml:ActionAttributeDesignator"/>
			<xs:element ref="xacml:EnvironmentAttributeDesignator"/>
			<xs:element ref="xacml:QualifiedSubjectAttributeIsPresent"/>
			<xs:element ref="xacml:ResourceAttributeIsPresent"/>
			<xs:element ref="xacml:ActionAttributeIsPresent"/>
			<xs:element ref="xacml:EnvironmentAttributeIsPresent"/>
			<xs:element ref="xacml:AttributeSelector"/>
		</xs:choice>
		<xs:attribute name="FunctionId" type="xs:anyURI" use="required"/>
		<!-- Legal types for the first and subsequent operands are defined in the accompanying table -->
	</xs:complexType>
	<!-- -->